π΅οΈββοΈ Okta Fixes Auth Bypass Bug After 3-Month Lull π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The bug affected accounts with 52character user names, and had several preconditions that needed to be met in order to be exploited.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Okta Fixes Auth Bypass Bug After 3-Month Lull
The bug affected accounts with 52-character user names, and had several pre-conditions that needed to be met in order to be exploited.
π΅οΈββοΈ OWASP Beefs Up GenAI Security Guidance Amid Growing Deepfakes π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
As businesses worry over deepfake scams and other AI attacks, organizations are adding guidance for cybersecurity teams on how to detect, and respond to, nextgeneration threats. That includes Exabeam, which was recently targeted by a deepfaked job candidate.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
OWASP Beefs Up GenAI Security Advice Amid Growing Deepfakes
As businesses worry over deepfake scams and other AI attacks, organizations are adding guidance for cybersecurity teams on how to detect, and respond to, next-generation threats. That includes Exabeam, which was recently targeted by a deepfaked job candidate.
π1
π¦Ώ Software Makers Encouraged to Stop Using C/C++ by 2026 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation assert that C, C, and other memoryunsafe languages contribute to potential security breaches.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Software Makers Encouraged to Stop Using C/C++ by 2026
CISA and the FBI released a Product Security Bad Practices Report asserting C, C++, and other languages cause potential security breaches.
π΅οΈββοΈ APT36 Refines Tools in Attacks on Indian Targets π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The Pakistanbased advanced persistent threat actor has been carrying on a cyberespionage campaign targeting organizations on the subcontinent for more than a decade, and it's now using a new and improved "ElizaRAT" malware.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
APT36 Refines Tools in Attacks on Indian Targets
The Pakistan-based advanced persistent threat actor has been carrying on a cyber-espionage campaign targeting organizations on the subcontinent for more than a decade, and is now using a new and improved "ElizaRAT" malware.
π΅οΈββοΈ Iranian APT Group Targets IP Cameras, Extends Attacks Beyond Israel π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The Iranlinked group Emennet Pasargad aims to undermine public confidence in Israeli and Western nations by using hackandleak campaigns and disrupting government services, including elections.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Iranian APT Targets IP Cameras, Extends Attacks Beyond Israel
The Iran-linked group Emennet Pasargad aims to undermine public confidence in Israel and Western nations by using hack-and-leak campaigns and disrupting government services, including elections.
β€1
ποΈ Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running crossplatform malware. The attack is notable for utilizing Ethereum smart contracts for commandandcontrol C2 server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past few.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
ποΈ Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander "Connor" Moucka aka Judische and Waifu, was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE202443093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Androiddata," "Androidobb," and "Androidsandbox" directories and its subdirectories,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π½ Hackers Strike at Heart of Italian Government π½
π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
In a scenario reminiscent of a modernday Italian Job, hackers have allegedly breached Italys national security, exposing confidential data of some of the countrys most prominent political figures. At the heart of the controversy is Nunzio Samuele Calamucci, a 44yearold IT consultant operating from a modest office near Milans iconic.π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
Be4Sec
Hackers Strike at Heart of Italian Government
In a scenario reminiscent of a modern-day Italian Job, hackers have allegedly breached Italyβs national security, exposing confidential data of some of the countryβs most prominent political β¦
π2
π Chinese Air Fryers May Be Spying on Consumers, Which? Warns π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A Which? report outlines serious privacy concerns with smart device products including air fryers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Chinese Air Fryers May Be Spying on Consumers, Which? Warns
A new Which? report outlines serious privacy concerns with smart device products including air fryers
ποΈ Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Taiwanese networkattached storage NAS appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE202410443 and dubbed RISKSTATION by Midnight Blue, the zeroday flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager. RISKSTATION is an ".π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ Five ways cyber criminals target healthcare and how to stop them π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Medical institutions are among the top targets for threat actors, here five major threats facing the healthcare sector and what organizations can do to stay secure.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Five ways cyber criminals target healthcare and how to stop them
Medical institutions are among the top targets for threat actors, here five major threats facing the healthcare sector and what organizations can do to stay secure
β€2
π’ Googleβs Big Sleep AI model just found a zero-day vulnerability in the wild β but donβt hold your breath for game-changing AI bug hunting tools any time soon π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Google clarified it was the first undiscovered memory safety bug to be flagged by an AI agent, touting this as a significant step in using AI for vulnerability research.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITProUK
Googleβs Big Sleep AI model just found a zero-day vulnerability in the wild β but donβt hold your breath for game-changing AI bugβ¦
Google clarified it was the first undiscovered memory safety bug to be flagged by an AI agent, touting this as a significant step in using AI for vulnerability research
π1
π’ Schneider Electric confirms breach after hacker claims to have 40GB of stolen data π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
A hacker claimed to have stolen 400,000 rows of user data from Schneider Electric and took to social media to taunt the French multinational.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Schneider Electric confirms breach after hacker claims to have 40GB of stolen data
A hacker claimed to have stolen 400,000 rows of user data from Schneider Electric and took to social media to taunt the French multinational
β€1
π΅οΈββοΈ Docusign API Abused in Widescale, Novel Invoice Attack π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Attackers are exploiting the "Envelopes create API" of the enormously popular documentsigning service to flood corporate inboxes with convincing phishing emails aimed at defrauding organizations. It's an unusual attack vector with a high success rate.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Docusign API Abused in Widescale, Novel Invoice Attack
Attackers are exploiting the "Envelopes: create API" of the enormously popular document-signing service to flood corporate inboxes with convincing phishing emails aimed at defrauding organizations. It's an unusual attack vector with a high success rate.
π΅οΈββοΈ Oh, the Humanity! How to Make Humans Part of Cybersecurity Design π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Government and industry want to jumpstart the conversation around "humancentric cybersecurity" to boost the usability and effectiveness of security products and services.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Oh, the Humanity! How to Make Humans Part of Cybersecurity
Government and industry want to jump-start the conversation around "human-centric cybersecurity" to boost the usability and effectiveness of security products and services.
π΅οΈββοΈ How to Win at Cyber by Influencing People π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Zero trust is a mature approach that will improve your organization's security.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
How to Win at Cyber by Influencing People
Zero trust is a mature approach that will improve your organization's security.
π΅οΈββοΈ Dark Reading Confidential: Quantum Has Landed, So Now What? π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Episode 4 NIST's new postquantum cryptography standards are here, so what comes next? This episode of Dark Reading Confidential digs the world of quantum computing from a cybersecurity practitioner's point of view with guests Matthew McFadden, vice president, Cyber, General Dynamics Information Technology GDIT and Thomas Scanlon, professor, Heinz College, Carnegie Mellon University.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Quantum Has Landed, So Now What?
NIST's new post-quantum cryptography standards are here, so what comes next? We dig into the world of quantum computing for cybersecurity pros.
π΅οΈββοΈ On Election Day, Disinformation Worries Security Pros the Most π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A Dark Reading poll reveals widespread concern over disinformation about election integrity and voter fraud, even as Russia steps up deepfake attacks meant to sow distrust in the voting process among the electorate.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
On Election Day, Disinformation Worries Security Pros the Most
A Dark Reading poll reveals widespread concern over disinformation about election integrity and voter fraud, even as Russia steps up deepfake attacks meant to sow distrust in the voting process among the electorate.
π¦Ώ VMware Explore Barcelona 2024: Tanzu Platform 10 Enters General Availability π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
About a year after Broadcoms acquisition of VMware, the company released VMware Tanzu Data Services to make connections to some thirdparty data engines easier.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
VMware Explore Barcelona 2024: Tanzu Platform 10 Enters General Availability
A year after Broadcom acquired VMware, the company released VMware Tanzu Data Services to make connections to third-party data engines easier.
π¦Ώ The 7 Best Encryption Software Choices for 2024 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
This is a comprehensive list of the best encryption software and tools, covering their features, pricing and more. Use this guide to determine your best fit.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
The 7 Best Encryption Software Choices for 2024
This is a comprehensive list of the best encryption software and tools, with features, pricing and more. Use this guide to find your best fit.